On 16/11/2018 16:19, Keith Erekson wrote: > Standard "I am not a lawyer" disclaimer applies, but it is my impression > (both from speaking to people who know more than I do about this, and > from reading article 17 of the GDPR) that the "right to be forgotten" > isn't necessarily absolute.
That is also my understanding. > Meaning that if one were to receive such a request, and it is *not > possible* to remove the data, this doesn't automatically mean that the > only recourse is to shut down the service. Specifically, this language > is the part that catches my attention: "the controller, taking account > of available technology and the cost of implementation, shall take > reasonable steps, including technical measures, to inform controllers..." "Reasonable" is a commonly encountered word in data protection law, and what is or is not "reasonable" is a matter of interpretation. The answer to this and many other questions about GDPR is that nobody really knows for sure, not even the experts, and the only way to find out is to wait for a test case to bring enlightenment. Until that happens, even the most learned advice will be hedged with a thicket of qualified assumptions. -- Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
